<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class User extends CI_Controller {

	function __construct()
	{
		parent::__construct();
		$this->base = $this->config->item('base_url');
		$this->resetcss = $this->config->item('reset');
		$this->css = $this->config->item('css');
		$this->load->model('db_user', '', TRUE);
	}

	public function index()
	{
		$head['base'] = $this->base;
		$head['reset'] = $this->resetcss;
		$head['css'] = $this->css;
		if ($this->session->flashdata('reg_status') != '') {
			$content['reg_status'] = $this->session->flashdata('reg_status');
		} else {
			$content['reg_status'] = '';
		}
		if ($this->session->flashdata('login_status') != '') {
			$content['login_status'] = $this->session->flashdata('login_status');
		} else {
			$content['login_status'] = '';
		}
		$this->load->view('header', $head);
		$this->load->view('user_login', $content);
		$this->load->view('footer');
	}
	
	public function register()
	{
		// new user registration
		$head['base'] = $this->base;
		$head['reset'] = $this->resetcss;
		$head['css'] = $this->css;
		$this->load->view('header', $head);
		$this->load->view('user_register');
		$this->load->view('footer');
	}
	
	public function forgot()
	{
		// form to email new password
		$head['base'] = $this->base;
		$head['reset'] = $this->resetcss;
		$head['css'] = $this->css;
		$this->load->view('header', $head);
		$this->load->view('user_forgot');
		$this->load->view('footer');
	}
	
	// PROCESSING FUNCTIONS
	
	public function login()
	{
		// gets information submitted from form and puts in array
		$user = addslashes($this->input->post('login_user', TRUE));
		$pass = addslashes($this->input->post('login_pw', TRUE));
		$result = $this->db_user->loginUser($user, $pass);
		if ($result['status'] == 1) {
			// user has been logged in, redirect to dashboard
			$whodat = array(
							'stat' => '1',
							'role' => $result['user_role'],
							'user_id' => $result['user_id'],
							'user_name' => $result['user_name'],
							'browse_page' => 1,
							'browse_stream' => 0,
							'browse_track' => 0
							);
			$this->session->set_userdata($whodat);
			redirect('scheduler');
		} else {
			// user could not be logged in
			// $result holds error message
			$this->session->set_flashdata('login_status', $result['message']);
			redirect('user');
		}
	}
	
	public function registernew()
	{
		// gets information submitted from form and puts in array
		$newUser['fname'] = addslashes($this->input->post('fname', TRUE));
		$newUser['lname'] = addslashes($this->input->post('lname', TRUE));
		if ($this->input->post('org', TRUE)) {
			$newUser['org'] = addslashes($this->input->post('org', TRUE));
		} else {
			$newUser['org'] = '';
		}
		$newUser['email'] = addslashes($this->input->post('email1', TRUE));
		$newUser['pass'] = addslashes($this->input->post('pw1', TRUE));
		// using submitted password, create a salted hash - PASSWORDS NEVER STORED AS PLAINTEXT
		// there is no security concern with storing the salt(s) in the database
		$saltA = md5(uniqid(rand(), true)); $newUser['saltA'] = $saltA;
		$saltB = md5(uniqid(rand(), true)); $newUser['saltB'] = $saltB;
		$pass = $newUser['pass'];
		$newUser['pass'] = hash("sha512", $saltB.$pass.$saltA);
		$newUser['key'] = md5(uniqid(rand(), true));
		// sends array of collected/processed info and sends to model
		$id = $this->db_user->registerUser($newUser);
		// if registration is successful, send confirmation email with confirmation key
		$emailTo = $newUser['email'];
		$subject = 'OpenWorld Scheduler New User Registration';
		$fname = $newUser['fname'];
		$url = $this->base . 'user/confirm/' . $id . '/' . $newUser['key'];
		$body = "Dear $fname,\n\nYou recently registered to use the OpenWorld Scheduler.  The only remaining step you need to take is to confirm your email address.  Copy and paste the link provided below to confirm your email and activate your account.  You will not be able to login until this step has been completed.  Here is the link:\n\n$url\n\nIf you believe you received this email in error, or you did not sign up to use the OpenWorld Scheduler, please disregard this email - we apologize for any inconvenience.\n\nThank you,\n\nThe OpenWorld Scheduler Team";
		$headers = "From: OpenWorld Scheduler <no-reply@schedulesmarter.org>\r\n";
		mail($emailTo, $subject, $body, $headers);
		// model has created record in database - status message is presented to user
		$this->session->set_flashdata('reg_status', 'Registration was successful.  Please check your email to confirm your registration prior to your first login.');
		// redirect to the main page to display registration feedback
		redirect('user');
	}
	
	public function confirm($id, $key)
	{
		$result = $this->db_user->confirmUser($id, $key);
		// based on the result - 1 for confirmed, 0 for not confirmed, we set up messaging
		if ($result == 1) {
			$this->session->set_flashdata('reg_status', 'Your account has been confirmed. You can now login and begin using the OpenWorld Scheduler.');
		} else {
			$this->session->set_flashdata('reg_status', 'Your account could not be confirmed. Please try again.');
		}
		// redirect to the main page to display registration feedback
		redirect('user');
	}
	
	public function reset_code()
	{
		$user = addslashes($this->input->post('email', TRUE));
		// send email to model to check db if user exists
		// returns 0 if no, user id if it does
		$info = $this->db_user->userExists($user);
		$id = $info['id'];
		$name = $info['name'];
		if ($id == 0) {
			$this->session->set_flashdata('reg_status', 'User does not exist. Please register.');
			redirect('user');
		} else {
			// create and add forgot_key to database
			$key = md5(uniqid(rand(), true));
			$this->db_user->setForgotKey($id, $key);
			// send email with forgot_key to user
			$emailTo = $user;
			$subject = 'Reset Password for OpenWorld Scheduler';
			$url = $this->base . 'user/reset_password/' . $id . '/' . $key;
			$body = "Dear $name,\n\nYou recently requested to reset your password for the OpenWorld Scheduler.  To complete the process, please copy and paste the link provided below.  You will be asked to provide a new password and confirm that new password.  Passwords should be at least 6 character in length.  Please avoid common passwords such as 'password' or personal information such as your name, a family member's name, or your date of birth.  Once the password change has been confirmed, you may sign in using your new password.  Please remember that this link is for one use only. If you need to reset your password again, you will need to use the Forgot Password? utility on the site again.\n\nHere is your link:\n\n$url\n\nIf you believe you received this email in error, or you did not request to reset your OpenWorld Scheduler password, please disregard this email - we apologize for any inconvenience.\n\nThank you,\n\nThe OpenWorld Scheduler Team";
			$headers = "From: OpenWorld Scheduler <no-reply@schedulesmarter.org>\r\n";
			mail($emailTo, $subject, $body, $headers);
			$this->session->set_flashdata('reg_status', 'An email has been sent with instructions to reset your password.');
		}
		// redirect to the main page to display registration feedback
		redirect('user');
	}
	
	public function reset_password($id, $key)
	{
		$result = $this->db_user->resetPass($id, $key);
		$content['id'] = $id;
		// based on the result - 1 for confirmed, 0 for not confirmed, we set up messaging
		if ($result == 1) {
			$head['base'] = $this->base;
			$head['reset'] = $this->resetcss;
			$head['css'] = $this->css;
			$this->load->view('header', $head);
			$this->load->view('reset_password', $content);
			$this->load->view('footer');
		} else {
			$this->session->set_flashdata('reg_status', 'We are unable to verify you at this time. Please try again.');
			redirect('user');
		}
	}
	
	public function change_pass()
	{
		// gets information submitted from form and puts in array
		$newPass = addslashes($this->input->post('pw1', TRUE));
		$id = addslashes($this->input->post('user', TRUE));
		// using submitted password, create a new salted hash - PASSWORDS NEVER STORED AS PLAINTEXT
		// there is no security concern with storing the salt(s) in the database
		$saltA = md5(uniqid(rand(), true)); $newUser['saltA'] = $saltA;
		$saltB = md5(uniqid(rand(), true)); $newUser['saltB'] = $saltB;
		$newPass = hash("sha512", $saltB.$newPass.$saltA);
		// sends array of collected/processed info and sends to model
		$this->db_user->updatePass($id, $newPass, $saltA, $saltB);
		// password has been changed
		$this->session->set_flashdata('reg_status', 'Your password has successfully been changed. You can now use it to login.');
		// redirect to the main page to display registration feedback
		redirect('user');
	}
	
}

/* End of file user.php */
/* Location: ./roadrunner/controllers/user.php */